Security threats rise in recession; Comply, secure and save with Log Management

How LM / SIEM plays a critical role in the integrated system of internal controls Many public companies are still grappling with the demands of complying with the Sarbanes-Oxley Act of 2002 (SOX). SOX Section 404 dictates that audit functions are ultimately responsible for ensuring that financial data is accurate. One key aspect of proof […]

Read more

The IT Swiss army knife; EventTracker 6.3 and more

Log Management can find answers to every IT-related problem Why can I say that? Because I think most problems get handled the same way. The first stage is someone getting frustrated with the situation. They then use tools to analyze whatever data is accessible to them. From this analysis, they draw some conclusions about the […]

Read more

Auditing web 2.0; 2009 security predictions and more

Auditing Web 2.0 Don’t look now, but the Web 2.0 wave is crashing onto corporate beaches everywhere. Startups, software vendors, and search engine powerhouses are all providing online accounts and services for users to create wikis, blogs, etc. for collaborating and sharing corporate data, often without the knowledge or involvement of IT or in-house legal […]

Read more

Cutting through SIEM/Log Management vendor hype

Cutting through SIEM/Log Management vendor hype While there is little doubt that SIEM solutions are critical for compliance, security monitoring or IT optimization, it is getting harder for buyers to find the right product for their needs. The reason for this is two fold; firstly, there are a number of products available and vendors have […]

Read more

How to recession proof IT; Get hard dollar savings today

Performing well during a security “Every crisis offers you extra desired power” William Moulton Marston Jasmine’s corollary: “Only if you perform well during that crisis.” Crises will happen no matter how many precautions we take. The need to blame someone is a human desire and it is easy to focus that on the crisis response […]

Read more

Data leakage and the end of the world

Data leakage and the end of the world Most of the time when IT folk talk about data leakage they mean employees emailing sensitive documents to Gmail accounts or exposing the company through peer-to-peer networks or the burgeoning use of social networking services. CNet News reports “Nearly 40 percent of IT staff at mid to […]

Read more

Hot virtualization and cold compliance; New EventTracker 6.2 and more

Hot server virtualization and cold compliance Without a doubt, server virtualization is a hot technology. NetworkWorld reported: “More than 40% of respondents listed consolidation as a high priority for the next year, and just under 40% said virtualization is more directly on their radar.” They also reported that server virtualization remains one of IT’s top initiatives even […]

Read more

Fear, boredom and the pursuit of compliance

Fear, boredom and the pursuit of compliance When it comes right down to it, we try to comply with regulations and policies because we are afraid of the penalties. Penalties such as corporate fines and jail time may be for the executive club, but everyone is affected when the U.S. Federal Trade Commission starts directly […]

Read more

EventTracker review; Zero-day attack protection and more

Creating lasting change from security management Over the past year, I’ve dealt with how to implement a Pragmatic approach to security management and then dug deeper into the specifics of how to successfully implement a security management environment successfully. Think of those previous tips as your high school level education in security management. […]

Read more

Is it better to leave some logs behind?

Is it better to leave some logs behind? Log management has emerged in the past few years as a must-do discipline in IT for complying with regulatory standards, and protecting the integrity of critical IT assets. However, with millions of logs being spit out on a daily basis by firewalls, routers, servers, workstations, applications and […]

Read more

The Weakest Link in Security

The Quick Win: Showing immediate value from Security Management Last month we spoke about the 5 W’s of security management, delving into the true nature you are trying to accomplish through a security management project. Far too many initiatives fail because there isn’t adequate focus on why, who, what, where, and when. Now that you’ve […]

Read more

The 5 W’s of Security Management

The 5 W’s of security management I’ve seen it happen about a thousand times if I’ve seen it once. A high profile project ends up in a ditch because there wasn’t a proper plan defined AHEAD of time. I see this more often in “squishy” projects like security management because success isn’t easily defined. […]

Read more

Threatscape 2008; Computer security survey results

Understanding where SIM ends and log management begins In my travels, I tend to run into two types of security practitioners. The first I’ll call the “sailor.” These folks are basically adrift in the lake in a boat with many holes. They’ve got a little cup and they work hard every day trying to make […]

Read more

Protect your network from zero-day attacks

Selection criteria for pragmatic Log Management As we wrap up our 6-month tour of Pragmatic Log Management, let’s focus on what are some of the important buying criteria that you should consider when looking at log management offerings. Ultimately, a lot of the vendors in the space have done a good job of making all […]

Read more

Failed your security audit? Recover with a 5 step checklist

Buying a Pragmatic Log Management Solution Over the past 4 months, we’ve discussed many of the reasons that log management is critical. To quickly review, log management can help you react faster from an operational aspect – so you can pinpoint an incident and remediate any issues well ahead of a significant loss. Secondly, log […]

Read more